
Detecting advanced rootkits with WebGateway

Created: 25 May 2010

We're currently investigating a case where a client appears to be infected with Mebroot (http://www.symantec.com/security_response/writeup....). Has anyone in this community created custom rules to detect these advanced rootkits/bots (other than the built-in botnet detection capabilities)?

We have yet to have this infection confirmed, but it seems that the need for 3rd-party information to detect these threats is still there (we also run SEP).

As far as I understand, there are really no good APIs/integration against external sources such as http://www.malware.com.br, for example (I know a list is available in this example, but it still needs to be manually imported as far as I know).

I would be interested to hear if anyone has some good configuration examples to improve on the built-in protection provided by the Web Gateway.
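The post mentions that third-party domain lists (such as the one at malware.com.br) have to be imported manually. The following is an added example, not code from the original post and not a Symantec Web Gateway feature: it normalizes a raw blocklist into a clean, de-duplicated hostname list suitable for a manual import, and shows how a host (or any of its parent domains) is checked against that list. The input layout handled here (one entry per line, `#` comments, optional URL scheme/path, hosts-file style `127.0.0.1 domain` lines) is an assumption covering common list formats, and `SAMPLE_LIST` is constructed sample data using reserved example names, not real indicators.

```python
"""Normalize a third-party malware-domain blocklist and check hosts against it.

Added example, not code from the original post or from Symantec Web Gateway.
The accepted input layout is an assumption covering common list formats;
SAMPLE_LIST is constructed data (reserved example.* names), not real indicators.
"""
import re
from typing import Optional
from urllib.parse import urlsplit

# Constructed sample list: mixed layouts seen in public blocklists.
SAMPLE_LIST = """\
# constructed sample blocklist (not real indicators)
http://bad.example.com/drop.php?x=1
BAD.EXAMPLE.COM
127.0.0.1 c2.example.net
0.0.0.0 www.c2.example.net
example.org.   # trailing-dot form
not a domain!!
"""

# One DNS label: 1-63 chars of [a-z0-9-], not starting or ending with '-'.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def normalize_entry(raw: str) -> Optional[str]:
    """Reduce one list line to a lowercase bare hostname, or None if unusable."""
    line = raw.split("#", 1)[0].strip()  # drop comments (fragments in URLs are lost too)
    if not line:
        return None
    parts = line.split()
    if len(parts) == 2 and parts[0] in ("127.0.0.1", "0.0.0.0"):
        line = parts[1]  # hosts-file style: "<sinkhole ip> <hostname>"
    elif len(parts) > 1:
        return None  # free text, not an indicator
    if "://" not in line:
        line = "//" + line  # let urlsplit strip any path/port without a scheme
    host = (urlsplit(line).hostname or "").rstrip(".")  # .hostname is lowercased
    labels = host.split(".")
    if len(labels) < 2 or not all(_LABEL.match(label) for label in labels):
        return None
    return host


def build_blocklist(text: str) -> list:
    """Parse, normalize, de-duplicate and sort a raw list for import."""
    hosts = {h for h in (normalize_entry(line) for line in text.splitlines()) if h}
    return sorted(hosts)


def to_import_lines(hosts: list, category: str = "malware") -> str:
    """Render hosts as 'hostname,category' CSV lines (assumed generic import layout)."""
    return "\n".join(f"{h},{category}" for h in hosts) + "\n"


def is_blocked(host: str, blocklist: set) -> bool:
    """True if host or any parent domain (excluding the bare TLD) is listed."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels) - 1))


if __name__ == "__main__":
    hosts = build_blocklist(SAMPLE_LIST)
    print(to_import_lines(hosts), end="")
    print("cdn.bad.example.com blocked:", is_blocked("cdn.bad.example.com", set(hosts)))
```

The parent-domain match in `is_blocked` is deliberate: a listed `c2.example.net` should also catch `www.c2.example.net`, while the bare TLD is never treated as a match.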
